Difference between revisions of "BitLocker Disk Encryption"

From ForensicsWiki
Jump to: navigation, search
Line 23: Line 23:
 
* [http://www.microsoft.com/downloads/details.aspx?FamilyID=131dae03-39ae-48be-a8d6-8b0034c92555&DisplayLang=en Microsoft Description of the Encryption Algorithm]
 
* [http://www.microsoft.com/downloads/details.aspx?FamilyID=131dae03-39ae-48be-a8d6-8b0034c92555&DisplayLang=en Microsoft Description of the Encryption Algorithm]
 
* [http://secude.com/htm/801/en/White_Paper%3A_Cold_Boot_Attacks.htm Cold Boot Attacks, Full Disk Encryption, and BitLocker]
 
* [http://secude.com/htm/801/en/White_Paper%3A_Cold_Boot_Attacks.htm Cold Boot Attacks, Full Disk Encryption, and BitLocker]
 +
 +
[[Category:Disk encryption]]
 +
[[Category:Windows]]

Revision as of 18:30, 29 December 2008

BitLocker is a Microsoft Full Volume Encryption solution first included with the Enterprise and Ultimate editions of Windows Vista.

Indicator

Drives protected with BitLocker will have a different signature than the standard NTFS header. Instead, they have in their first sector:
EB 52 90 2D 46 56 45 2D 46 53 2D
or, in ASCII,
eR -FVE-FS-

Algorithm

The program uses either 128 or 256 AES with an elephant diffuser. See the links section for full details.

Recovery Keys

See Also

Defeating Whole Disk Encryption

External Links